今天重新搭建swift服务器,git下代码后一时好奇,进入kilo/stable branch后,与四个月前下载的swift/kilo版本做了个比较。使用diff命令完成。发现代码还是略有区别。

diff -r -u -N --new-file swift/swift/common/bufferedhttp.py swift-kilo/swift/common/bufferedhttp.py
--- swift/swift/common/bufferedhttp.py 2015-09-18 15:30:03.730723515 +0800
+++ swift-kilo/swift/common/bufferedhttp.py 2015-09-18 16:43:36.283386102 +0800
@@ -27,19 +27,14 @@
""" from swift import gettext_ as _
-from swift.common import constraints
from urllib import quote
import logging
import time
import socket -import eventlet
from eventlet.green.httplib import CONTINUE, HTTPConnection, HTTPMessage, \
HTTPResponse, HTTPSConnection, _UNKNOWN -httplib = eventlet.import_patched('httplib')
-httplib._MAXHEADERS = constraints.MAX_HEADER_COUNT
- class BufferedHTTPResponse(HTTPResponse):
"""HTTPResponse class that buffers reading of headers"""
diff -r -u -N --new-file swift/swift/common/constraints.py swift-kilo/swift/common/constraints.py
--- swift/swift/common/constraints.py 2015-09-18 15:30:03.730723515 +0800
+++ swift-kilo/swift/common/constraints.py 2015-09-18 16:43:36.259385971 +0800
@@ -36,7 +36,6 @@
MAX_ACCOUNT_NAME_LENGTH = 256
MAX_CONTAINER_NAME_LENGTH = 256
VALID_API_VERSIONS = ["v1", "v1.0"]
-EXTRA_HEADER_COUNT = 0 # If adding an entry to DEFAULT_CONSTRAINTS, note that
# these constraints are automatically published by the
@@ -55,7 +54,6 @@
'max_account_name_length': MAX_ACCOUNT_NAME_LENGTH,
'max_container_name_length': MAX_CONTAINER_NAME_LENGTH,
'valid_api_versions': VALID_API_VERSIONS,
- 'extra_header_count': EXTRA_HEADER_COUNT,
} SWIFT_CONSTRAINTS_LOADED = False
@@ -107,13 +105,6 @@
'xml': 'application/xml'} -# By default the maximum number of allowed headers depends on the number of max
-# allowed metadata settings plus a default value of 32 for regular http
-# headers. If for some reason this is not enough (custom middleware for
-# example) it can be increased with the extra_header_count constraint.
-MAX_HEADER_COUNT = MAX_META_COUNT + 32 + max(EXTRA_HEADER_COUNT, 0)
-
-
def check_metadata(req, target_type):
"""
Check metadata sent in the request headers. This should only check
diff -r -u -N --new-file swift/swift/common/middleware/tempurl.py swift-kilo/swift/common/middleware/tempurl.py
--- swift/swift/common/middleware/tempurl.py 2015-09-18 15:30:03.738723545 +0800
+++ swift-kilo/swift/common/middleware/tempurl.py 2015-09-18 16:43:36.243385885 +0800
@@ -122,13 +122,11 @@
from urlparse import parse_qs from swift.proxy.controllers.base import get_account_info, get_container_info
-from swift.common.swob import HeaderKeyDict, HTTPUnauthorized, HTTPBadRequest
+from swift.common.swob import HeaderKeyDict, HTTPUnauthorized
from swift.common.utils import split_path, get_valid_utf8_str, \
register_swift_info, get_hmac, streq_const_time, quote -DISALLOWED_INCOMING_HEADERS = 'x-object-manifest'
-
#: Default headers to remove from incoming requests. Simply a whitespace
#: delimited list of header names and names can optionally end with '*' to
#: indicate a prefix match. DEFAULT_INCOMING_ALLOW_HEADERS is a list of
@@ -152,10 +150,6 @@
DEFAULT_OUTGOING_ALLOW_HEADERS = 'x-object-meta-public-*' -CONTAINER_SCOPE = 'container'
-ACCOUNT_SCOPE = 'account'
-
-
def get_tempurl_keys_from_metadata(meta):
"""
Extracts the tempurl keys from metadata.
@@ -176,38 +170,6 @@
quote(filename, safe=' /'), quote(filename)) -def authorize_same_account(account_to_match):
-
- def auth_callback_same_account(req):
- try:
- _ver, acc, _rest = req.split_path(2, 3, True)
- except ValueError:
- return HTTPUnauthorized(request=req)
-
- if acc == account_to_match:
- return None
- else:
- return HTTPUnauthorized(request=req)
-
- return auth_callback_same_account
-
-
-def authorize_same_container(account_to_match, container_to_match):
-
- def auth_callback_same_container(req):
- try:
- _ver, acc, con, _rest = req.split_path(3, 4, True)
- except ValueError:
- return HTTPUnauthorized(request=req)
-
- if acc == account_to_match and con == container_to_match:
- return None
- else:
- return HTTPUnauthorized(request=req)
-
- return auth_callback_same_container
-
-
class TempURL(object):
"""
WSGI Middleware to grant temporary URLs specific access to Swift
@@ -268,10 +230,6 @@
#: The methods allowed with Temp URLs.
self.methods = methods - self.disallowed_headers = set(
- 'HTTP_' + h.upper().replace('-', '_')
- for h in DISALLOWED_INCOMING_HEADERS.split())
-
headers = DEFAULT_INCOMING_REMOVE_HEADERS
if 'incoming_remove_headers' in conf:
headers = conf['incoming_remove_headers']
@@ -340,10 +298,10 @@
return self.app(env, start_response)
if not temp_url_sig or not temp_url_expires:
return self._invalid(env, start_response)
- account, container = self._get_account_and_container(env)
+ account = self._get_account(env)
if not account:
return self._invalid(env, start_response)
- keys = self._get_keys(env)
+ keys = self._get_keys(env, account)
if not keys:
return self._invalid(env, start_response)
if env['REQUEST_METHOD'] == 'HEAD':
@@ -358,32 +316,15 @@
else:
hmac_vals = self._get_hmacs(env, temp_url_expires, keys) - is_valid_hmac = False
- hmac_scope = None
- for hmac, scope in hmac_vals:
- # While it's true that we short-circuit, this doesn't affect the
- # timing-attack resistance since the only way this will
- # short-circuit is when a valid signature is passed in.
- if streq_const_time(temp_url_sig, hmac):
- is_valid_hmac = True
- hmac_scope = scope
- break
+ # While it's true that any() will short-circuit, this doesn't affect
+ # the timing-attack resistance since the only way this will
+ # short-circuit is when a valid signature is passed in.
+ is_valid_hmac = any(streq_const_time(temp_url_sig, hmac)
+ for hmac in hmac_vals)
if not is_valid_hmac:
return self._invalid(env, start_response)
- # disallowed headers prevent accidently allowing upload of a pointer
- # to data that the PUT tempurl would not otherwise allow access for.
- # It should be safe to provide a GET tempurl for data that an
- # untrusted client just uploaded with a PUT tempurl.
- resp = self._clean_disallowed_headers(env, start_response)
- if resp:
- return resp
self._clean_incoming_headers(env)
-
- if hmac_scope == ACCOUNT_SCOPE:
- env['swift.authorize'] = authorize_same_account(account)
- else:
- env['swift.authorize'] = authorize_same_container(account,
- container)
+ env['swift.authorize'] = lambda req: None
env['swift.authorize_override'] = True
env['REMOTE_USER'] = '.wsgi.tempurl'
qs = {'temp_url_sig': temp_url_sig,
@@ -424,23 +365,22 @@ return self.app(env, _start_response) - def _get_account_and_container(self, env):
+ def _get_account(self, env):
"""
- Returns just the account and container for the request, if it's an
- object request and one of the configured methods; otherwise, None is
+ Returns just the account for the request, if it's an object
+ request and one of the configured methods; otherwise, None is
returned. :param env: The WSGI environment for the request.
- :returns: (Account str, container str) or (None, None).
+ :returns: Account str or None.
"""
if env['REQUEST_METHOD'] in self.methods:
try:
ver, acc, cont, obj = split_path(env['PATH_INFO'], 4, 4, True)
except ValueError:
- return (None, None)
+ return None
if ver == 'v1' and obj.strip('/'):
- return (acc, cont)
- return (None, None)
+ return acc def _get_temp_url_info(self, env):
"""
@@ -470,23 +410,18 @@
inline = True
return temp_url_sig, temp_url_expires, filename, inline - def _get_keys(self, env):
+ def _get_keys(self, env, account):
"""
Returns the X-[Account|Container]-Meta-Temp-URL-Key[-2] header values
- for the account or container, or an empty list if none are set. Each
- value comes as a 2-tuple (key, scope), where scope is either
- CONTAINER_SCOPE or ACCOUNT_SCOPE.
+ for the account or container, or an empty list if none are set. Returns 0-4 elements depending on how many keys are set in the
account's or container's metadata. :param env: The WSGI environment for the request.
- :returns: [
- (X-Account-Meta-Temp-URL-Key str value, ACCOUNT_SCOPE) if set,
- (X-Account-Meta-Temp-URL-Key-2 str value, ACCOUNT_SCOPE if set,
- (X-Container-Meta-Temp-URL-Key str value, CONTAINER_SCOPE) if set,
- (X-Container-Meta-Temp-URL-Key-2 str value, CONTAINER_SCOPE if set,
- ]
+ :param account: Account str.
+ :returns: [X-Account-Meta-Temp-URL-Key str value if set,
+ X-Account-Meta-Temp-URL-Key-2 str value if set]
"""
account_info = get_account_info(env, self.app, swift_source='TU')
account_keys = get_tempurl_keys_from_metadata(account_info['meta'])
@@ -495,28 +430,25 @@
container_keys = get_tempurl_keys_from_metadata(
container_info.get('meta', [])) - return ([(ak, ACCOUNT_SCOPE) for ak in account_keys] +
- [(ck, CONTAINER_SCOPE) for ck in container_keys])
+ return account_keys + container_keys - def _get_hmacs(self, env, expires, scoped_keys, request_method=None):
+ def _get_hmacs(self, env, expires, keys, request_method=None):
"""
:param env: The WSGI environment for the request.
:param expires: Unix timestamp as an int for when the URL
expires.
- :param scoped_keys: (key, scope) tuples like _get_keys() returns
+ :param keys: Key strings, from the X-Account-Meta-Temp-URL-Key[-2] of
+ the account.
:param request_method: Optional override of the request in
the WSGI env. For example, if a HEAD
does not match, you may wish to
override with GET to still allow the
HEAD.
-
- :returns: a list of (hmac, scope) 2-tuples
"""
if not request_method:
request_method = env['REQUEST_METHOD']
- return [
- (get_hmac(request_method, env['PATH_INFO'], expires, key), scope)
- for (key, scope) in scoped_keys]
+ return [get_hmac(
+ request_method, env['PATH_INFO'], expires, key) for key in keys] def _invalid(self, env, start_response):
"""
@@ -533,22 +465,6 @@
body = '401 Unauthorized: Temp URL invalid\n'
return HTTPUnauthorized(body=body)(env, start_response) - def _clean_disallowed_headers(self, env, start_response):
- """
- Validate the absense of disallowed headers for "unsafe" operations.
-
- :returns: None for safe operations or swob.HTTPBadResponse if the
- request includes disallowed headers.
- """
- if env['REQUEST_METHOD'] in ('GET', 'HEAD', 'OPTIONS'):
- return
- for h in env:
- if h in self.disallowed_headers:
- return HTTPBadRequest(
- body='The header %r is not allowed in this tempurl' %
- h[len('HTTP_'):].title().replace('_', '-'))(
- env, start_response)
-
def _clean_incoming_headers(self, env):
"""
Removes any headers from the WSGI environment as per the
diff -r -u -N --new-file swift/swift/proxy/server.py swift-kilo/swift/proxy/server.py
--- swift/swift/proxy/server.py 2015-09-18 15:30:03.754723606 +0800
+++ swift-kilo/swift/proxy/server.py 2015-09-18 16:43:36.111385171 +0800
@@ -378,7 +378,6 @@
allowed_methods = getattr(controller, 'allowed_methods', set())
return HTTPMethodNotAllowed(
request=req, headers={'Allow': ', '.join(allowed_methods)})
- old_authorize = None
if 'swift.authorize' in req.environ:
# We call authorize before the handler, always. If authorized,
# we remove the swift.authorize hook so isn't ever called
@@ -389,7 +388,7 @@
if not resp and not req.headers.get('X-Copy-From-Account') \
and not req.headers.get('Destination-Account'):
# No resp means authorized, no delayed recheck required.
- old_authorize = req.environ['swift.authorize']
+ del req.environ['swift.authorize']
else:
# Response indicates denial, but we might delay the denial
# and recheck later. If not delayed, return the error now.
@@ -399,13 +398,7 @@
# gets mutated during handling. This way logging can display the
# method the client actually sent.
req.environ['swift.orig_req_method'] = req.method
- try:
- if old_authorize:
- req.environ.pop('swift.authorize', None)
- return handler(req)
- finally:
- if old_authorize:
- req.environ['swift.authorize'] = old_authorize
+ return handler(req)
except HTTPException as error_response:
return error_response
except (Exception, Timeout):

其中,swift目录为最新版本的swift kilo/stable中源码;swift-kilo目录为四个月前下载的源码。

从上面的比较中,可以看出两个时段的代码略有区别,差异在百来行左右,主要集中于tempurl中间件代码中。这部分,与我动手修改的部分关系不大。唯一稍稍有关的代码更新,可能就是proxy server中代码更新。但仔细研究后发现,就是对旧的认证入口函数做了一个保存,在返回产生异常时,利用旧认证函数对env中认证函数进行赋值。相当于对代码逻辑的小小完善,对整体大流程不会有影响。

我想,我可以放心在最新kilo分支代码上进行修改,并利用它搭建系统,进行压力测试。

swift kilo版代码更新的更多相关文章

  1. Unity手游之路<十三>手游代码更新策略探讨

    http://blog.csdn.net/janeky/article/details/25923151 这几个月公司项目非常忙,加上家里事情也多,所以blog更新一直搁置了.最近在项目开发上线过程中 ...

  2. openstack【Kilo】汇总:包括20英文文档、各个组件新增功能及Kilo版部署

    OpenStack Kilo版本发布 20英文文档OpenStack Kilo版本文档汇总:各个操作系统安装部署.配置文档.用户指南等文档 Kilo版部署 openstack[Kilo]入门 [准备篇 ...

  3. Unity手游之路手游代码更新策略探讨

    版权声明: https://blog.csdn.net/janeky/article/details/25923151 这几个月公司项目非常忙.加上家里事情也多,所以blog更新一直搁置了. 近期在项 ...

  4. OpenStack Kilo版加CEPH部署手册

    OpenStack Kilo版加CEPH部署手册 作者: yz联系方式: QQ: 949587200日期: 2015-7-13版本: Kilo 转载地址: http://mp.weixin.qq.co ...

  5. Win10桌面预览版14316更新内容大全

    下载更新: 安装之后右下角: Win10桌面预览版14316更新内容:       Windows上运行乌班图Bash:通过设置开启开发者模式,更新和安全>面向开发人员.然后搜索"Wi ...

  6. 理解JavaScript设计模式与开发应用中发布-订阅模式的最终版代码

    最近拜读了曾探所著的<JavaScript设计模式与开发应用>一书,在读到发布-订阅模式一章时,作者不仅给出了基本模式的通用版本的发布-订阅模式的代码,最后还做出了扩展,给该模式增加了离线 ...

  7. WebGIS中以version方式实现代码更新后前端自动读取更新代码的方法

    文章版权由作者李晓晖和博客园共有,若转载请于明显处标明出处:http://www.cnblogs.com/naaoveGIS/ 1. 前言 GIS代码进行更新后,由于用户前端已有缓存,导致更新的功能不 ...

  8. 【剑指offer】Java版代码(完整版)

    原文地址:https://blog.csdn.net/baiye_xing/article/details/78428561 一.引言 <剑指offer>可谓是程序猿面试的神书了,在面试中 ...

  9. git如何merge github forked repository里的代码更新?(转)

    参考内容:git如何merge github forked repository里的代码更新? [refer to ]http://www.haojii.com/2011/08/how-to-git- ...

随机推荐

  1. bzoj 1734: [Usaco2005 feb]Aggressive cows 愤怒的牛【二分+贪心】

    二分答案,贪心判定 #include<iostream> #include<cstdio> #include<algorithm> using namespace ...

  2. PWA技术深入学习

    PWA技术 PWA全称Progressive Web App,即渐进式WEB应用. 解决的问题 实现离线缓存功能,即使用户手机没有网络,依然可以使用一些离线功能 可以添加至主屏幕,点击主屏幕图标可以实 ...

  3. [C和指针] 4-语句、5-操作符和表达式

    第4章 语句 4.1 表达式语句 C并不存在专门的"赋值语句",赋值就是一种操作,就像加法和减法一样,所以赋值就在表达式内进行. 你只要在表达式后面加上一个分号,就可以把表达式转变 ...

  4. 二分查找 HDOJ 2141 Can you find it?

    题目传送门 /* 题意:给出一个数,问是否有ai + bj + ck == x 二分查找:首先计算sum[l] = a[i] + b[j],对于q,枚举ck,查找是否有sum + ck == x */ ...

  5. C# 动态调用 WebService (转)

    在 Visual Studio 中客户端程序可以添加服务引用来调用 WebService,这样 Visual Studio 会生成与之相关的代理类,通过这个代理类可以很方便的访问所需要的服务. 如果服 ...

  6. Http协议对格式、请求头、方法

    ######### #概览 ######### 超文本传输协议(Http: Hyper Text Transfer Protocol) :用于发送WWW方式的数据.采用TCP/IP协议,是一个无状态协 ...

  7. 解决FormClosing事件点击关闭2次的问题

    以下代码:提示框会跳出2遍  private void mFrmmain_FormClosing(object sender, FormClosingEventArgs e) { if (Dialog ...

  8. 第八届蓝桥杯省赛C/C++ A组第8题 包子凑数

    参考了http://blog.csdn.net/y1196645376/article/details/69718192 思路: 数论+完全背包. 实现: #include <iostream& ...

  9. React组件的防呆机制(propTypes)

    Prop验证 随着应用不断变大,为了保证组件被正确使用变得越来越重要.为此我们引入propsTypes.React.PropTypes提供很多验证器(valodator)来验证传入的数据的有效性.当向 ...

  10. npm换淘宝源 yarn换淘宝源

    查询初始的源 npm get registry > https://registry.npmjs.org/ 设置淘宝源 npm config set registry http://regist ...